Domain Keys Explained

Via Jeremy Zawodny,, Yahoo’s Anti-Spam Resource Center have published an explanation of their proposed Domain Keys spam fighting technique. At first glance it looks very promising. There’s no centralised authority, no requirements for changes to existing protocols and the central concept is extremely easy to understand. Essentially, mail servers generate a public/private key pair and sign outgoing messages with the private key, while publishing the public key as part of their DNS record. Because only they can publish to their public key in this way the signature can be used to confirm that the sender of the email has not been spoofed. The presence or lack of a signature can be used as part of the process of identifying spam.

The FAQ covers all the bases I could think of, and explains how Domain Keys can help fight phishing attacks as well.